Asia-Pacific Economic Cooperation

APEC Privacy Framework

The APEC Privacy Framework aims to promote a consistent approach to information privacy protection across APEC member economies, while avoiding the creation of unnecessary barriers to information flows. The aim is to have protections consistent across the region, which will place APEC at the forefront of e-commerce.

Consistent with the Organisation for Economic Co-operation and Development’s (OECD) Privacy Guidelines, the Privacy Framework’s principles and implementation guidance are focused on four main goals:

to develop appropriate privacy protections for personal information

to prevent the creation of unnecessary barriers to information flows

to enable multinational businesses to implement uniform approaches to the collection, use and processing of data

to facilitate both domestic and international efforts to promote and enforce information privacy protections.

The Privacy Framework was endorsed by APEC Ministers in Chile in December 2004. The Privacy Framework consists of four parts: Part I is a preamble, Part II deals with the scope of the principles, Part III contains the nine privacy principles and Part IV deals with implementation of the principles. A commentary has been published alongside the sections within Parts II and III to provide further information and context.

APEC Cross-border Privacy Enforcement Arrangement

The APEC Cross-border Privacy Enforcement Arrangement (CPEA) commenced on 16 July 2010. The Office of the Australian Information Commissioner (OAIC) (formerly the Office of the Privacy Commissioner) is one of four co-Administrators for the CPEA, along with the New Zealand Office of the Privacy Commissioner, the United States Federal Trade Commission and the APEC Secretariat.

The CPEA will provide a framework for privacy regulators to cooperate, and to seek information and advice from each other on cross-border enforcement matters. Any Privacy Enforcement Authority in an APEC economy may participate (eg Privacy Commissioners' Offices, Data Protection Authorities or Consumer Protection Authorities that enforce privacy laws).

The CPEA was developed as part of the Data Privacy Pathfinder initiative, established to progress the implementation of the APEC Privacy Framework. The CPEA was endorsed by APEC Ministers in November 2009.

The Pathfinder initiative also involves the development and implementation of a Cross-border Privacy Rules (CBPR) system. The system will provide guidance on the how the CBPR of businesses can meet the standards of the APEC Privacy Framework and be recognised across APEC economies.